[Cryptography] What should I put in notifications to NSA?
drwho at virtadpt.net
Thu Dec 17 13:21:51 EST 2015
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 15 Dec 2015 23:29:58 -0500
Phillip Hallam-Baker <phill at hallambaker.com> wrote:
> What do folk normally do here? I was thinking of giving them the URL
> of the repository and a statement to the effect that by complying I do
> not wave my first amendment rights
When faced with this, Project Byzantium contacted the Electronic Frontier Foundation and worked out what did and did not need to be done with one of their subject matter experts. We then moved forward from there.
I am not a lawyer. This is not legal advice. Get your own lawyer. This is only what Byzantium did:
Due to the fact that we did not write our own crypto code (we used OpenSSL and applications which relied upon OpenSSL) we did not need to do this. The advice we were given was that, due to the fact that we did not write crypto code of our own, and we were using someone else's that had been packaged by yet someone else (two someone elses, actually - from Slackware to Porteus Linux to us, the code did flow) this set of regulations did not apply to our project.
Your mileage will probably vary. Get a lawyer.
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
"That wasn't a metaphor."
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the cryptography